Package podtolerationrestriction is a plugin that first checks for conflicts between a pod's tolerations and its namespace's tolerations, and rejects the pod if there is a conflict. If there is no conflict, the pod's tolerations are merged with its namespace's tolerations. The resulting tolerations are then verified against the namespace's whitelist of tolerations. If the verification succeeds, the pod is admitted; otherwise it is rejected. If a namespace does not have an associated default or whitelist of tolerations, the cluster-level default or whitelist of tolerations is used instead, if specified. Tolerations are assigned to a namespace via the scheduler.alpha.kubernetes.io/defaultTolerations and scheduler.alpha.kubernetes.io/tolerationsWhitelist annotation keys.
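The admission order described above, as a simplified model added here for illustration; it is not the plugin's own code. The `Toleration` and `Policy` types, the `admit` function, the exact-match whitelist check and the definition of "conflict" (same key, different toleration) are assumptions of this example.

```go
package main

import "fmt"

// Simplified stand-ins for the Kubernetes types (assumed here); a nil slice means "not specified".
type Toleration struct{ Key, Operator, Value, Effect string }
type Policy struct{ Default, Whitelist []Toleration }

func contains(list []Toleration, t Toleration) bool {
	for _, x := range list {
		if x == t {
			return true
		}
	}
	return false
}

// admit models the documented order; "conflict" is assumed to mean same key, different toleration.
func admit(pod []Toleration, ns, cluster Policy) ([]Toleration, error) {
	defaults, whitelist := ns.Default, ns.Whitelist
	if defaults == nil {
		defaults = cluster.Default // cluster-level fallback
	}
	if whitelist == nil {
		whitelist = cluster.Whitelist // cluster-level fallback
	}
	merged := append([]Toleration{}, pod...)
	for _, d := range defaults {
		for _, p := range pod {
			if p.Key == d.Key && p != d {
				return nil, fmt.Errorf("pod and default tolerations conflict on key %q", d.Key)
			}
		}
		if !contains(merged, d) {
			merged = append(merged, d)
		}
	}
	for _, t := range merged {
		if len(whitelist) > 0 && !contains(whitelist, t) {
			return nil, fmt.Errorf("toleration for key %q is not in the whitelist", t.Key)
		}
	}
	return merged, nil
}

func main() { // constructed sample: "dedicated" is not whitelisted, so the pod is rejected
	gpu := []Toleration{{"gpu", "Equal", "true", "NoSchedule"}}
	fmt.Println(admit([]Toleration{{"dedicated", "Exists", "", "NoSchedule"}}, Policy{gpu, gpu}, Policy{}))
}
```

In this model the whitelist is checked after the merge, so a namespace default that is missing from the whitelist causes every pod in that namespace to be rejected.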
The annotation keys for default and whitelist of tolerations
const PluginName = "PodTolerationRestriction"
PluginName is a string with the name of the plugin
Register registers a plugin
Plugin contains the client used by the admission controller
NewPodTolerationsPlugin initializes a Plugin
func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
Admit checks the admission policy and triggers corresponding actions
SetExternalKubeClientSet sets the client
SetExternalKubeInformerFactory initializes the Informer Factory
func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
Validate we can obtain a whitelist of tolerations
ValidateInitialization checks the object is properly initialized
|apis/podtolerationrestriction/install||Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.|
|apis/podtolerationrestriction/v1alpha1||Package v1alpha1 is the v1alpha1 version of the API.|